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DETAILED ACTION 

This Office Action is in response to an After Final filed August 3, 2005. The Examiner has 
carefully reviewed the Applicant's response and reconsiders the previous rejection. Therefore, the finality 
of the previous rejection has been removed, and a new Final rejection has been prepared below based 
on new grounds. Claims 1-34 are currently pending. 

Claim Rejections - 35 USC §103 

1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-32,34 are rejected under 35 U.S.C. 103(a) as being unpatentable over Nessett et al. 
(US 5,968,176), and further in view of Reid et al. (US 6,182,226) in view of Kephart (US 5,452,442). 

As per claim 1 , Nessett et al. disclose a network adapter system, as claimed, comprising: 

• a processor positioned on a network adapter coupled between a computer and a network 
(see column 1 1 , lines 26-31 , where network adapter is considered the NIC; computer is 
considered the end system, and the processor is inherent within the NIC for it to operate); 

• wherein the processor is adapted for content scanning of network traffic transmitted 
between the computer and the network (see column 1 1 , lines 54-62, where scanning is 
implied by filtering within a NIC to implement a multilayer firewall). 

Although the system disclosed by Nessett et al. shows substantial features of the claimed 
invention (discussed above), it fails to disclose virus scanning to scan for known types of malicious 
programs or data. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et al., as evidenced by Reid et al. 
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In an analogous art, Reid et al. disclose a system where a firewall maintains a set of regions 
restricting communication according to a set of policies (see Abstract). Further, teaching the firewall 
containing a virus scanner region to scan for known type of malicious program or data (see Fig. 4, and 
column 8, lines 10-18). 

Given the teaching of Reid et al., a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. by employing a firewall capable of 
virus scanning to scan for known types of malicious programs or data, such as disclosed by Reid et al., in 
order to further improve the level of security provided by a firewall to prevent malicious attacks from 
incurring on a target system. 

Although the system disclosed by Nessett et al. in view of Reid et al. shows substantial features 
of the claimed invention (discussed above), it fails to disclose that the virus scanning utilizes virus 
signature files. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et al. in view of Reid et al., as evidenced by Kephart. 

In an analogous art, Kephart discloses that it is old and well known to utilize virus signature files 
when scanning for viruses (see column 1, lines 35-49), 

Given the teaching of Kephart, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. in view of Reid et al. by scanning 
for virus signature files, such as disclosed by Kephart, in order to accurately monitor for viruses, and 
distinguish false alarms from regularly executing programs. 

As per claim 2, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
processor is capable of being user-configured (see Nessett et al. column 16, lines 31-42). 

As per claim 3, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
processor is capable of being user-configured locally (see Nessett et al. column 20, lines 62-67, where it 
is implied if there is a storage available at the node, the configuration data will be available to the node 
locally; and nodes are devices as described by Nessett et al. in column 8, 1-6) 
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As per claim 4, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
processor is capable of being user-configured remotely via a network connection with the network 
adapter (see Nessett et al. column 16, lines 31-42). 

As per claim 5, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
processor is capable of being user-configured only after the verification of a password (see Nessett et al. 
column 18, lines 11-19). 

As per claim 6, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
manner in which the scanning is performed is capable of being user-configured (see Nessett et al. column 
17, lines 9-21). 

As per claim 7, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
settings of the network adapter are capable of being user-configured (see Nessett et al. column 20, lines 
42-46, where the settings are considered the rules that are being configured in the node). 

As per claim 8, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
processor is capable of determining whether received packets are of interest (see Nessett et al. column 
23, lines 18-26). 

As per claim 9, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
packets of interest are based on an associated protocol (see Nessett et al. column 23, lines 18-26, where 
the associated protocol is considered protocols other than FTP in this case). 

As per claim 10, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
processor is capable of passing received packets that are not of interest to the computer (see Reid 
column 8, lines 16-18, where it is implied that the transfer is not redirected if a virus is not found). 

As per claim 1 1 , Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
processor is capable of scanning received packets that are of interest (see Nessett et al. column 23, lines 
18-26, where scanning is implied from the ability to distinguish between the different protocols). 

As per claim 12, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
processor is capable of denying received packets that fail the scan (see Nessett et al. column 23, lines 
18-26). 
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As per claim 13, Nessett et at. in view of Reid et al. in view of Kephart further disclose that the 
scan is performed based on user settings (see Nessett et al. column 23, lines 43-57, where the user 
settings are determined by the user configured Multilayer Firewall Management Station). 

As per claim 30, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
content scanning enforces operational policies of an organization (see Nessett et al. column 17, lines 9- 
21). 

As per claim 31 , Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
policies include detecting entities selected from the group consisting of harassing content, pornographic 
content, junk e-mails, and misinformation (see Reid et al. column, lines 12-31). 

As per claim 32, Nessett et al. in view of Reid et al. in view of Kephart further disclose that it 
would have been obvious to store the signature files on a non-volatile solid state memory on the network 
adapter since virus scanning is performed on the network adapter, it would be obvious that the signature 
files be located along with the virus scanner. 

As per claim 34, Nessett et al. in view of Reid et al. in view of Kephart further disclose that the 
packets that are of interest include executable files (see Reid et al. column 7, lines 33-45, where 
executable files are considered packets relating to services such as WWW, Email, Telnet, FTP, etc.). 

As per claim 14,27,28 Nessett et al. disclose a system for scanning network traffic on a network 
adapter, as claimed, comprising: 

• network adapter means for receiving packets (see column 23, lines 18-26); 

• processor means positioned on the network adapter means for content scanning of the 
packets (see column 23, lines 18-26); and 

• means for conditionally taking security measures if the packets fail the scan (see column 
23, lines 18-26). 

Although the system disclosed by Nessett et al. shows substantial features of the claimed 
invention (discussed above), it fails to disclose virus scanning to scan for known types of malicious 
programs or data. 
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Nonetheless, these features are well known In the art and would have been an obvious 
modification of the system disclosed by Nessett et al., as evidenced by Reid et al. 

In an analogous art, Reid et al. disclose a system where a firewall maintains a set of regions 
restricting communication according to a set of policies (see Abstract). Further, teaching the firewall 
containing a virus scanner region to scan for known type of malicious program or data (see Fig. 4, and 
column 8, lines 10-18). 

Given the teaching of Reid et al., a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. by employing a firewall capable of 
virus scanning to scan for known types of malicious programs or data, such as disclosed by Reid et al., in 
order to further improve the level of security provided by a firewall to prevent malicious attacks from 
incurring on a target system. 

Although the system disclosed by Nessett et al. in view of Reid et al. shows substantial features 
of the claimed invention (discussed above), it fails to disclose that the virus scanning utilizes virus 
signature files. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et al. in view of Reid et al., as evidenced by Kephart. 

In an analogous art, Kephart discloses old and well known to utilize virus signature files when 
scanning for viruses (see column 1, lines 35-49), 

Given the teaching of Kephart, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. in view of Reid et al. by scanning 
for virus signature files, such as disclosed by Kephart, in order to accurately monitor for viruses, and 
distinguish false alarms from regularly executing programs. 

As per claims 15-26, see rejection for claims 2-13 above. 

As per claim 29, Nessett et al. disclose a network adapter system, as claimed, comprising: 
• a processor positioned on a network adapter coupled between a computer and a 
network, the processor including a packet assembly module, random access memory, 
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and a scanner module (see column 23, lines 18-26, where processor components 
claimed are inherent within the processor disclosed by Nessett et al.). 

• a user interface driver for identifying network traffic of interest transmitted between the 
computer and the network (see column 23, lines 18-26); 

• wherein the processor is adapted for discerning and content scanning of network traffic of 
interest transmitted between the computer and the network (see column 23, lines 18-26). 

Although the system disclosed by Nessett et al. shows substantial features of the claimed 
invention (discussed above), it fails to disclose virus scanning to scan for known types of malicious 
programs or data. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et aL, as evidenced by Reid et al. 

In an analogous art, Reid et al. disclose a system where a firewall maintains a set of regions 
restricting communication according to a set of policies (see Abstract). Further, teaching the firewall 
containing a virus scanner region to scan for known type of malicious program or data (see Fig. 4, and 
column 8, lines 10-18). 

Given the teaching of Reid et al., a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. by employing a firewall capable of 
virus scanning to scan for known types of malicious programs or data, such as disclosed by Reid et al., in 
order to further improve the level of security provided by a firewall to prevent malicious attacks from 
incurring on a target system. 

Although the system disclosed by Nessett et al. in view of Reid et al. shows substantial features 
of the claimed invention (discussed above), it fails to disclose that the virus scanning utilizes virus 
signature files. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et al. in view of Reid et al., as evidenced by KepharL 

In an analogous art, Kephart discloses old and well known to utilize virus signature files when 
scanning for viruses (see column 1, lines 35-49), 



Application/Control Number: 10/028,650 Page 8 

Art Unit: 2153 

Given the teaching of Kephart, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. in view of Reid et al. by scanning 
for virus signature files, such as disclosed by Kephart, in order to accurately monitor for viruses, and 
distinguish false alarms from regularly executing programs. 

3. Claim 33 is rejected under 35 U.S.C. 103(a) as being unpatentable over Nessett et al. in view of 
Reid et al. in view of Kephart as applied to claim 32 above, and further in view of Bonomo et al. (US 
6,658,562). 

Although the system disclosed by Nessett et al. in view of Reid et al. in view of Kephart shows 
substantial features of the claimed invention (discussed above), it fails to disclose that memory is user 
protected by configuring a network adapter BIOS with a password that only a user can change. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et al. in view of Reid et al. in view of Kephart, as 
evidenced by Bonomo. 

In an analogous art, Bonomo discloses a system for setting different BIOS configurations stored 
in a memory device (see Abstract). Further showing setting a password to view information in a BIOS 
setup program or to change configuration (see column 4, lines 11-21 and 30-41). 

Given the teaching of Bonomo, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. in view of Reid et al. in view of 
Kephart by employing a password protected BIOS, such as disclosed by Bonomo, in order to prevent 
unwanted users from changing settings without authorization. 

Response to Arguments 

(A) Applicant contends that it would not have been obvious to combine the teachings of the Nessett 
and Reid references. 

(B) Applicant contends that filtering does not meet content scanning. 
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(C) Applicant contends that Reid does not teach that the firewall performs the virus check, but only 
that the firewall performs the alert based on a virus check. 

(D) Applicant contends that managing security policy data for the operation of security systems does 
not meet any sort of content scanning that enforces operational policies in an organization. 

(E) Applicant contends that it would not have been obvious to store signature files on a non-volatile 
solid state memory on the network adapter. 

In considering (A), the Examiner respectfully disagrees. In response to applicant's argument that 
there is no suggestion to combine the references, the examiner recognizes that obviousness can only be 
established by combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the references 
themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 
F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 
1992). In this case, it is shown by Reid that firewalls are known to scan for viruses and alert the system 
administrator and quarantine the virus. Since Nessett, shows a firewall placed on a Network Interface 
Card, it would have been obvious to carry over the known functionality of firewalls taught by Reid and 
implement them on a firewall that is located on a Network Interface Card, such as disclosed by Nessett. 

In considering (B), the Examiner respectfully disagrees. It is unclear what the Applicant 
specifically means by content. The Examiner is taking the broadest interpretation of the claim and using 
content to mean the entire packet, including the header and payload. In this case, Nessett must access 
the header in order to get to the address. Since the header is part of the packet content, it reads on the 
claimed invention. 

In considering (C), the Examiner respectfully disagrees. It is implied that the firewall performs the 
virus check. Fig. 4 is describing actions being taken by the firewall. For example, redirecting the transfer 
to a safe location for later inspection. Reid (column 8, line 10-18) is describing a specific capability this 
firewall can perform. 
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In considering (D), the Examiner respectfully disagrees. Please see discussion on content 
scanning above in reference to argument (A). 

In considering (E), the Examiner respectfully disagrees. The Examiner believes that a Network 
Interface Card with a firewall possessing virus scanning capabilities is obvious for the reasons mentioned 
above. Therefore, it would be obvious to place a memory on the card to hold the virus signature files 
used to detect these viruses. 

Conclusion 

4. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth 
in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Philip J. Chea whose telephone number is 571-272-3951 . The examiner can normally be 
reached on M-F 7:00-4:30 (1st Friday Off). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Glenn Burgess can be reached on 571-272-3949. The fax phone number for the organization where this 
application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-21 7-91 97 (toll-free). 
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Examiner 
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